Report: NSA bulk metadata collection has “no discernible impact”

New outside analysis shows 1 of 225 terrorism cases used metadata, but poorly.

A new paper published Monday by the New America Foundation demonstrably destroys the US government claim that bulk metadata collection is useful. (Three US senators made the same claim back in November 2013.) The paper’s lead author is Peter Bergen, a journalist and terrorism analyst who famously interviewed Osama bin Laden for CNN in 1997.

…recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrat[ing] that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal.

Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.

. . .

Surveillance of American phone metadata has had no discernible impact on preventing acts of terrorism and only the most marginal of impacts on preventing terrorist-related activity, such as fundraising for a terrorist group.

Further Reading

The study concluded that “traditional investigative methods,” including the use of informants, community/family tips, are actually far more effective. The researchers also show that individualized and targeted warrants issued through traditional criminal courts or by the Foreign Intelligence Surveillance Court (FISC) are fully capable of obtaining detailed information—particularly on the content of digital correspondence—that is otherwise legally unobtainable.

“[The Bergen report] is additional evidence of the question of the ‘efficacy’ of the surveillance program, a factor that weighs heavily when one balances security against liberty,” Ruthann Robson, a law professor at the City University of New York, told Ars. “If the program does not provide security, then its weight on the scales is minimal.”

Other legal scholars have reached similar conclusions.

"Until the NSA provides additional information regarding how the information is used (other than to claim broadly that it’s used to stop terrorism), the inferences drawn in the report from the available data are at least reasonable," Clark Asay, a law professor at Penn State, told Ars. "If the government wants to provide additional details disproving the report’s conclusions, I think most would consider that a most welcome development."

Ain’t no party like a third-party (doctrine)!

So which case out of all of the 225 constitutes that 1.8 percent?

It’s the sticky case of San Diego cab driver Basaaly Saeed Moalin and his three associates. Moalin, a Somali immigrant, was convicted in February 2013 on five counts, including conspiracy to provide material support (that is, $8,500) to a foreign terrorist organization, Somali terrorist group Al Shabaab, in 2007 and 2008.

The case is under appeal on the grounds that the National Security Agency unconstitutionally abused its authority to target Moalin. Coincidentally, Moalin is represented by Joshua Dratel, also the defense attorney for Ross Ulbricht, accused of heading up the notorious Silk Road online drug marketplace. Ulbricht remains in federal custody.

Further Reading

As Ars has reported previously, the government’s response (PDF) to Moalin’s request for a new trial, filed on September 30, 2013, is a heavily redacted brief arguing that when law enforcement can monitor one person’s information without a warrant, it can monitor everyone’s information, “regardless of the collection’s expanse.” Notably, the government is also arguing that no one other than the company that provided the information—including the defendant in this case—has the right to challenge this disclosure in court.

Government prosecutors argued that Moalin had no standing to challenge the collection of telephone metadata from his phone provider, citing the third-party doctrine.

As Ars has described before, in 1976, the Supreme Court ruled in the landmark case Smith v. Maryland that when someone calls a telephone number, that number has been disclosed to a third party (the phone company). Therefore, the Supreme Court held, it is not private (because it was disclosed through the act of making the call), and the government can have easy access to those call records—this is the origin of the third-party doctrine.

Changes afoot?

Many legal advocates hope that this legal theory will be increasingly challenged in the courts.

Some of the Supreme Court justices, notably Justice Sonia Sotomayor, seemed to indicate in the 2012 United States v. Jones decision that they would be amenable to review of the entire third-party doctrine. “More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties,” she wrote.

But as Bergen and the paper’s other authors now conclude:

Even granting the government’s explanation of the case, the Moalin case does not provide a particularly convincing defense of the need for bulk collection of American telephone metadata. The total amount going to a foreign terrorist organization was around $8,500 and the case involved no attack plot anywhere in the world, nor was there a threat to the United States or American targets. The four individuals involved in the plot make up only 1.8 percent of the 225 cases we identified.

The White House has not made any direct statements in response to the Bergen report.

But President Barack Obama is expected to make a public statement this coming Friday concerning what surveillance and intelligence reforms the White House will implement in the wake of the Review Group on Intelligence and Communications Technologies’ report.

However, according to the Los Angeles Times, anonymous administration officials have said the metadata program isn't going anywhere.

"This capability was put in place after 9/11 for a good reason," said a senior administration official who asked not to be identified discussing sensitive deliberations. "The question we have to examine is whether the perception of privacy intrusion outweighs the operational value. It's possible we could get that same information … in other ways, but it's slower."

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar